
Bug 255593

Summary: =app-emulation/ganglia-3.1.1-r1 leak filehandles and off by 1 buffer overflow if request for gmetad interactive port larger than 2048 bytes
Product: Gentoo Security
Reporter: Carlo Marcelo Arenas Belon <carenas>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=223
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 255366    

Description Carlo Marcelo Arenas Belon 2009-01-20 06:13:50 UTC
somehow related to BUG255366 as this problem is made visible by the bugfix that was used to correct a buffer overflow in gmetad as reported upstream in the linked bugzilla URL.

an additional patch will need to be added as shown in :

  http://ganglia.svn.sourceforge.net/viewvc/ganglia/trunk/monitor-core/gmetad/server.c?view=patch&r1=1950&r2=1953&pathrev=1953

or the patch used to correct the problem be updated to use instead :

  http://bugzilla.ganglia.info/cgi-bin/bugzilla/attachment.cgi?id=189&action=view

Reproducible: Always

Steps to Reproduce:
1. /etc/init.d/gmetad start
2. echo "/`python -c \"print \\"%s/%s/%s\\" % ('a'*1700,'b'*300,'c'*48)\"`" | netcat 127.0.0.1 8652

Actual Results:  
connection hangs (every other request will succeed) and the following error is logged:

  server_thread() 1135602000 unable to write root preamble (DTD, etc)

Expected Results:  
connection will be closed with some (or all) the root tree returned

Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-01-20 08:42:20 UTC
Thanks for reporting, Carlo. I blocked the initial security bug to handle this.

Comment 2 Justin Bronder (RETIRED) gentoo-dev 2009-01-20 16:43:03 UTC
Patch updated in ganglia-3.1.1-r2.  Thanks again for keeping us up to date Carlo.
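
Added example, not part of the bug thread and not gmetad's code: a C sketch of the two properties the report is about, a request reader that rejects input that does not fit its buffer together with the terminating NUL, and a handler that closes the descriptor on every path. The names read_request, serve_client and REQUEST_MAX, and the assumption that the request buffer is 2048 bytes, are made up for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define REQUEST_MAX 2048  /* assumed buffer size, from the 2048 bytes in the report */

/* Read one newline-terminated request; return its length, or -1 if it does not fit. */
static long read_request(int fd, char *buf, size_t cap)
{
    size_t len = 0;
    char c;
    for (;;) {
        ssize_t n = read(fd, &c, 1);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            return -1;
        if (n == 0 || c == '\n')
            break;
        if (len >= cap - 1)   /* "len >= cap" here would be the off-by-one: */
            return -1;        /* the NUL below would land at buf[cap]       */
        buf[len++] = c;
    }
    buf[len] = '\0';
    return (long)len;
}

/* Handle one client. close() runs before the single return, so a rejected
 * request releases its descriptor just like an accepted one. */
static long serve_client(int fd)
{
    char request[REQUEST_MAX];
    long len = read_request(fd, request, sizeof request);
    close(fd);
    return len;   /* -1 tells the caller to drop the request, not truncate it */
}

int main(void)
{
    int p[2];
    char big[REQUEST_MAX + 1];   /* constructed input: 2048 bytes + newline */
    memset(big, 'a', REQUEST_MAX);
    big[REQUEST_MAX] = '\n';
    if (pipe(p) != 0 || write(p[1], big, sizeof big) < 0)
        return 1;
    close(p[1]);
    printf("2048-byte request -> %ld\n", serve_client(p[0]));
    return 0;
}
```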